Open Compliance Summit
Mike Dolan, The Linux Foundation, November 2015
Compliance continues to be a fundamental component of professional open source organizations
• Compliance requires attention at multiple levels of an organization: R&D, product teams, services delivery, supply chain
• Compliance is best approached as a continuous function, not a point-in-time check
• Most current issues are still coming from very basic, fundamental breakdowns in compliance
• Strong compliance is also becoming a foundation for strong security management
Compliance costs can be mitigated with proactive integration into product development
Source: http://www.ittoday.info/Articles/Open_Source_Legal_Compliance.htm
(A) Do nothing.
(B) Post-development, pre-release licensing compliance assessment and correction.
(C) Real-time automated scanning with final licensing compliance assurance at the build stage.
Many companies in our ecosystem have strong compliance practices across their organization
[Figure labels: Engineering driven, Business strategy driven; Exposed, Measured, Driving, Managed, Participating; R&D]
But the scope of that maturity is often strongest with internal product teams
[Figure labels: R&D, Product]
But as the analysis goes out further from the core product teams, the situation becomes more complex
[Figure labels: R&D, Product, Service & Support, Downstream Supply Chain, 3rd Party]
High engagement in open standards
Portals Compliance Education Inventory Communication
Internal
External
Training
Guidelines
Licenses
New Employee Orientation
Inventory Management
Audit 3rd Party Code
Usage Process + Policy
Distribution Process + Policy
Auditing Process + Policy
Checklists
Attribution Policy
Documentation Policy
Internal
External
Compliance part of development
Dedicated Team
Scoreboard
Contribution Process + Policy
Increased scope of engagement + Increased # of OSS projects
Open Standards
Contributor Training
Establish organization OSS Group
Hire from OSS projects
Open source proprietary code
Support OSS foundations
Host OSS events
Leading role w/ OSS licenses
Establish Internal OSS certification and career path
Mentorship Program
Independent IT Infra
Needed Infrastructure to Support Drive to OSS Leadership
LF projects are working on these challenges
[Figure labels: R&D, Product, Service & Support, Downstream Supply Chain, 3rd Party]